Also included is removing the executable bit on haproxy.cfg.j2 as it
should not have those permissions in the repo. It has no affect on the
templating process.
Change-Id: I9c76e528896bdf1799b8eeb62ae77bc4ad0b4449
Closes-Bug: #1482832
In the ansible tool, both the Glance api and registry share
the same release tag and they shouldn't.
Change-Id: I5f5f288d192586b84963d59d94567371d28b76a0
Closes-bug: #1482374
Currently we require a slew of deps on each destination node, this
includes a gcc compiler and installing things via pip. We can remove
these dependencies by containerizing them and running and Ansible
inside the container itself. The container would then report back
facts about idempotency.
DocImpact
Closes-Bug: #1481495
Implements: blueprint containerize-dependencies
Change-Id: I3dfccbf9fafc06ffc36e78f3006fe5d3367891df
This patch checks that haproxy is alive and running. It does this by
using socat to talk to the haproxy socket. That socket will only
respond successfully when haproxy is active and functional.
Change-Id: I528588d5742071103c28109a69842a6f935232c2
Closes-Bug: #1478570
A missing comma after the second tag prevented the when conditional
from being evaluated correctly.
Change-Id: Ic18462212452a22ad556bed114e0a99440abe1ff
Closes-Bug: #1481130
Allows the user to configure neutron_plugin_agent value for Ansible.
Current allowed values are openvswitch and linuxbridge.
Implements: blueprint ansible-neutron-linuxbridge
Change-Id: I0572464a5459d2f9da09b6da22db16e240511f99
A small sleep is used to allow the database to initialize before
starting the databases on the other hosts.
Change-Id: I1ea9ee8be55f47ae917f9985431e1e919f64c101
Closes-Bug: #1479970
This is not possible when running multihost ansible.
Essentially this should've been part of #1476293.
Change-Id: I53baccf5f89e71ce1313524815f928ea04908a05
Partitially-Implements: blueprint ansible-service
If user specifies registry a full image name is constructed by
concatenation of the registry, namespace and image. Currently
concatenation does not include '/' if registry is non-empty but
it should. If registry is empty '/' is not required.
This fix covers both use cases with help of Ansible filter.
Change-Id: I0588dd0da55d777e6caa7eb47d51b2435d38d5e0
Closes-Bug: #1479013
Additionally, make each service optional witha config option allowing
for extreme flexibility should the deployer want to replace a service
with a non-kolla one (the database for example).
Change-Id: I7b644da7cfa7e8e6b6878eb1b1aa97db830504ae
Closes-Bug: #1478509
The original purpose for having an abstract like 'database' rather than
the service name of 'mariadb' has been change. Our direction is different
and this patch reflects consistent naming throughout
Change-Id: I704896191cc5243f9dab2a4cca9120e9dc2ceb2c
Closes-Bug: #1478328
Adds the needed ansible bits to support keepalived
Closes-Bug: #1479934
Change-Id: Iace29b23a0e923b1f5dc9a4f5bc0f88afce3ae62
Partially-Implements: blueprint ansible-service
This commit consists HAProxy ansible bits including config generation,
container deployment and hot reloads.
Closes-Bug: #1477915
Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: Ie93fa68fdb6b2885889c992ff1267d38b68e0cbc
Partially-implements: blueprint ansible-service
There is no benefit to hashing in merge_configs.py In fact, the opposite
is true, hashes can collide. This does a direct compare rather than hash.
Change-Id: I9ab7af13e813e2267984092027daf1658faf5bf3
Closes-Bug: #1478494
This binds rabbitmq, epmd, and the management plugin to a single ip. The
syntax is very tricky, but this is all functional.
Change-Id: Iecbb00f6c4fe3044688ae3258da31b9aabbd1501
Closes-Bug: #1478073
This just fails when not running as root.
Change-Id: Ic3fc55d519c6165df917cf333a38907232fe3ed7
Partitially-Implements: blueprint ansible-service
Closes-bug: #1476293
This makes some changes to init-runonce to allow using Ansible as well as
updating it to use the openstack-client where applicable since the
keystone-client is not usable with keystone v3 api at all.
Change-Id: I6b9d6beb04df7724b1967638e98042ab03221cd1
Closes-Bug: #1477725
neutron-server was not properly using ml2_conf.ini
nova did not have ovs utils, and it had incorrect libvirt permissions
Change-Id: I43d2110d0b5fc1940d887dace95787e1ebbe142d
Partitially-Implements: blueprint ansible-service
The ml2_conf.ini file which sets OpenVswitch as the mechanism driver
was not being copied to the corect place. This patch resolves that
problem.
Change-Id: Ia276916a3183564c9b7d8d6aa9595c384ed99cf6
Closes-Bug: #1477399
The neutron-agents l3 agent requires access to the OVS database via
access to /run. It also needs to have ovs-vsctl binary available in
the container.
Change-Id: I903537b570cd60c9bb1088e9408a5f6ea4988d8f
Closes-Bug: #1477376
Ansible will exec a script in the OVS container to ensure the bridge and
ports are properly setup. The script is idempotent.
Change-Id: I5adca595a4d2ef4edf26c9635cfa5ceb30ca4a59
Closes-Bug: #1466375
Libvirt requires pid_mode to Host to operate on Fedora Hosts. Further
we will need this for libvirt upgrade. I am not entirely sure why
libvirt running with pid=host gets things working, but it definately
has something to do with CentOS's libvirt's integration with systemd.
Nailing down the problem, the interface to the Docker module accepts only
None or "host". There is no way to generate a None type except with !!null
in yml, but this does not work in the jinja2 parser. As a result, one
solution is this conditional. A better long term solution would be for
the Docker module to take some other argument to indicate None that can
be expressed in a string.
Change-Id: I54eb87e8ce8679bbf12f671527280c73e195b2e4
Closes-Bug: #1473270
The commands used to create a temporary file on the localhost were
vulnerable to a symlink attack. Removing the shell module and ensuring
the ansible copy and file module is used will verify this file exists as a
file with the correct permissions and ownership
Change-Id: I829483edf1435e41726ebfe1bc826e0c2e5265e3
Closes-Bug: 1471376
Due to the licensing issues and the modules not existing in upstream
Ansible yet, I have written a simple module to fill the gaps.
This also uses Keystone v2.0 for all create of users, roles and
endpoints. The implementation of Keystone v3 must be discussed after the
new modules arrive.
Partially-Implements: blueprint ansible-service
Change-Id: I389edd56741360dd26fbbc0a982f365ca27ff446
AIO nodes had an address in the gcomm list which would prevent AIO
containers from starting appropriately.
Change-Id: I6db8c831ef9f9c0348748eb9539db326dc0df048
Closes-Bug: #1472481